Identification products, such as smart cards and RFID (Radio Frequency Identification) tags (known as well as Proximity Integrated Circuit Card—PICCs), are widely used in fields such as transport (ticketing, road tolling, baggage tagging), finance (debit and credit cards, electronic purse, merchant card), communications (SIM card for GSM phone), and tracking (access control, inventory management, asset tracking). International standard ISO14443A is the industry standard for contactless smart cards. ISO14443A-compliant products such as MIFARE (www.mifare.net) and NFC (www.nfc-forum.org) provide radio frequency communication technology for transmitting data between a card or tag and a reader device. For example, in electronic ticketing for public transport, travellers just wave their card over a reader at the turnstiles or entry point, benefiting from improved convenience and speed in the ticketing process. Such products are set to be the key to individual mobility in the future, supporting multiple applications including road tolling, airline tickets, access control and many more.
In general contactless cards are used as part of a secure infrastructure that includes a backend system, card readers and card validators, and possibly other equipment such as personalization and controlling equipment.
The data content of the cards generally represents some kind of value that can draw the attention of certain individuals to explore the security features of the card. However, the security of the entire system relies on all components of the infrastructure and must, therefore, not just rely upon the security implementation on the contactless cards. All parts of the system must be designed along with security targets amongst all its mission critical functions. Threats are derived from these security targets along with their potential countermeasures.
Each system deploying contactless smart cards has its own unique combination of system attributes which only the system integrators and their customers can understand as a whole. It is up to the system integrators and customers to determine and deploy the best balance between the security measures implemented in the different components. The best balance must include consideration of the trade-offs between cost, user interface (ease-of-use), and the required level of security.
Smart cards are typically used for the applications with high security requirements, while RFID tags are more low-cost oriented for application, where less security is required.
The RFID tags with RF-only interface can be used as standalone tags/cards for various applications such as transport, finance, communications & tracking. But this kind of RFID tags lack the usage in electronic solutions due to the absence of a host communication interface.
The RFID tags with host interface gives the flexibility to be used in electronic solutions where NFC solutions get benefited. In such a system, a host interface could be used to exchange the data with the RF interface through the tag memory.
In an existing low cost RFID/NFC contactless tag, RF authentication procedures preceding any memory operation ensures that access to a memory block is only possible by authentic users. Such memory content protection procedures/features are only defined in the existing RFID standards such as MIFARE, NFCFORUM, etc. for contactless RF interfaces.
Addition of a host interface (HIF) such as I2C, USB, SPI, UART, etc. to an RFID/NFC contactless tag opens up a huge application space such as smooth Bluetooth/Wi-Fi handover, device configurations, advanced gaming applications, etc. At the same time, however, this would also make the NVM (non volatile memory) content in the tag vulnerable for unauthenticated access via the HIF.
There may thus be a need for an improved RFID/NFC tag without the above drawbacks.